Security B-Sides MSP 2016 Matt Nelson "Bridging the Gap: Lessons in Adversarial Trade-craft"
As companies scramble for a way to keep from being the next Sony, they’ve started to search for ways to simulate the sophisticated attackers they now face. Organizations that have started to adopt an “assume breach” mentality understand that it’s not a matter of if they’re compromised by these advanced adversaries, but when. Red team engagements allow an organization to better exercise its technical, process, and personnel defenses, but much of this advanced tradecraft has been historically restricted to teams with large budgets and time frames.
Our approach is to help push down some of this advanced tradecraft, so testers can utilize these powerful tactics in assessments of all types. This presentation will cover our view of the “assume breach” mentality, and the approach for our red team operations. We will then trace through several areas where we’ve made efforts in bringing advanced tradecraft to even constrained engagements. Adversarial tradecraft isn’t just for red teams any more.
Slides can be found here: https://archive.org/details/2016BSidesMSPSlides